
Linux “grep” command – Let’s dig deep

As a network engineer, Linux knowledge is crucial. If you have ever troubleshot routers (MX, ASR etc.), they are based on Linux and all the logs are saved in the Linux shell. Sure, you can view some of them from the CLI (JUNOS or IOS), but the vendor TAC teams always use Linux heavily. So today I will explain the Linux “grep” command. This command is a savior when dealing with large log files/session logs.

So first things first, what is grep? Grep is an acronym that stands for Global Regular Expression Print. It is a Linux utility used for searching strings of characters in a specified file. In other words, grep matches a pattern in a file and only the lines containing that pattern are shown in the output (instead of thousands of lines). Just as protocols come in multiple versions/extensions, grep comes in three variants:
    1. grep – the most basic form of this tool, and sufficient for a network engineer
    2. egrep – the extended version of grep. egrep is 100% equivalent to grep -E
    3. fgrep – interprets PATTERN as a list of fixed strings. fgrep is 100% equivalent to grep -F

NOTE: Direct invocation as either egrep or fgrep is deprecated, but is still provided so that historical applications that rely on them run unmodified.

Now let’s see what the official Linux documentation says about grep. Just open your Linux terminal and type “grep --help”:

ipinbits@ubuntu:~$ grep --help
Usage: grep [OPTION]... PATTERN [FILE]...
Search for PATTERN in each FILE or standard input.
PATTERN is, by default, a basic regular expression (BRE).
Example: grep -i 'hello world' menu.h main.c
.
.
.
'egrep' means 'grep -E'. 'fgrep' means 'grep -F'.
Direct invocation as either 'egrep' or 'fgrep' is deprecated.
When FILE is -, read standard input. With no FILE, read . if a command-line
-r is given, - otherwise. If fewer than two FILEs are given, assume -h.
Exit status is 0 if any line is selected, 1 otherwise;
if any error occurs and -q is not given, the exit status is 2.

So enough statements, let’s get into action. There are loads of options for grep, but I will list only the most frequently used ones.
1. How do we use grep? – ipinbits@ubuntu:/var/log$ cat syslog | grep 872
    This command cats the syslog file and greps for the string “872”; only the lines containing 872 are printed.

ipinbits@ubuntu:/var/log$ cat syslog | grep 872
Mar 1 08:53:43 ubuntu dbus[872]: [system] AppArmor D-Bus mediation is enabled
Mar 1 08:53:43 ubuntu dbus[872]: [system] Successfully activated service 'org.freedesktop.systemd1'
Mar 1 08:53:43 ubuntu kernel: [ 0.058872] Dentry cache hash table entries: 262144 (order: 9, 2097152 bytes)
Mar 1 08:53:43 ubuntu kernel: [ 0.486872] pnp 00:06: Plug and Play ACPI device, IDs PNP0700 (active)

2. Now suppose we have a BGP route table and want to find a specific IP.

ipinbits@ubuntu:/var/run/vmblock-fuse/blockdir/tYODon$ cat iproute.txt | grep  5.180.132.180
  i1.0.16.0/24      5.180.132.180            2    150      0 2497 2519 i
  i1.0.64.0/18      5.180.132.180            2    150      0 2497 7670 18144 i
  i1.1.64.0/19      5.180.132.180            2    150      0 2497 2519 i
  i1.1.96.0/24      5.180.132.180            2    150      0 2497 2519 i
  i1.1.97.0/24      5.180.132.180            2    150      0 2497 2519 i
  i1.1.98.0/24      5.180.132.180            2    150      0 2497 2519 i
  i1.1.99.0/24      5.180.132.180            2    150      0 2497 2519 i
  i1.1.100.0/24     5.180.132.180            2    150      0 2497 2519 i
  i1.1.101.0/24     5.180.132.180            2    150      0 2497 2519 i
  i1.1.102.0/24     5.180.132.180            2    150      0 2497 2519 i
  i1.1.103.0/24     5.180.132.180            2    150      0 2497 2519 i
  i1.1.104.0/24     5.180.132.180            2    150      0 2497 2519 i
  i1.1.105.0/24     5.180.132.180            2    150      0 2497 2519 i
  i1.1.106.0/24     5.180.132.180            2    150      0 2497 2519 i
  i1.1.107.0/24     5.180.132.180            2    150      0 2497 2519 i

Now that’s a lot of output (only partial output is displayed here). Let’s count how many lines contain that IP:

ipinbits@ubuntu:/var/run/vmblock-fuse/blockdir/tYODon$ cat iproute.txt | grep  -c 5.180.132.180
3476
So this shows we have 3476 matching lines for that specific IP (note that -c counts matching lines, not occurrences within a line).

3. Now suppose that instead of a single IP you need to search for multiple IPs; in that case we use several -e patterns, or extended grep.

ipinbits@ubuntu:/var/run/vmblock-fuse/blockdir/tYODon$ cat iproute.txt | grep  -c 5.180.132.180
3476
ipinbits@ubuntu:/var/run/vmblock-fuse/blockdir/tYODon$ cat iproute.txt | grep  -c 5.180.132.182
1989
ipinbits@ubuntu:/var/run/vmblock-fuse/blockdir/tYODon$ cat iproute.txt | grep  -c -e 5.180.132.182 -e 5.180.132.180
5465

I used the -c flag to count the matching lines; if you remove -c, the whole output, i.e. 5465 lines, will be displayed. Please note that the multi-pattern search can be written in two ways, and both commands give the same result:

ipinbits@ubuntu:/var/run/vmblock-fuse/blockdir/tYODon$ cat iproute.txt | egrep    "5.180.132.182 | 5.180.132.180"
ipinbits@ubuntu:/var/run/vmblock-fuse/blockdir/tYODon$ cat iproute.txt | grep   -e 5.180.132.182 -e 5.180.132.180
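As an added example (not from the original post), the route lines below are constructed to show a caveat with the searches above: a bare IP is a basic regular expression in which “.” matches any character and any substring matches, so grepping for 5.180.132.18 also counts 5.180.132.180 and 5.180.132.182, and 5.180.132.180 also counts a next hop of 15.180.132.180. grep -F (fixed string) and -w (whole word) give exact counts, and the grep -E form is shown with the dots escaped and no stray spaces inside the alternation.

```shell
#!/bin/sh
# Added example, not from the original post. The route lines are constructed
# to show how a bare IP pattern over-matches and how -F / -w make it exact.
ROUTES='  i1.0.16.0/24      5.180.132.180            2    150      0 2497 2519 i
  i1.0.64.0/18      5.180.132.180            2    150      0 2497 7670 18144 i
  i1.1.64.0/19      5.180.132.18             2    150      0 2497 2519 i
  i1.1.96.0/24      15.180.132.180           2    150      0 2497 2519 i
  i1.1.97.0/24      5.180.132.182            2    150      0 2497 2519 i'

# grep -c exits 1 when nothing matches; treat that as "0 lines" but keep
# exit status 2 (a real error) as a failure.
cnt() { grep -c "$@" || [ $? -eq 1 ]; }

# As on the page: the pattern is a BRE, '.' is a wildcard and any substring
# matches, so 5.180.132.180 also hits 15.180.132.180.
count_naive() { printf '%s\n' "$ROUTES" | cnt -- "$1"; }

# -F: pattern is a fixed string (dots are literal); -w: the match must be a
# whole word, so .18 no longer hits .180/.182 and 5.180... no longer hits 15.180...
count_exact() { printf '%s\n' "$ROUTES" | cnt -Fw -- "$1"; }

# Several next hops at once (the -e form from the page), still literal and whole-word.
count_any()   { printf '%s\n' "$ROUTES" | cnt -Fw -e "$1" -e "$2"; }

# grep -E alternation (the egrep form) with escaped dots and no spaces around '|'.
count_ere()   { printf '%s\n' "$ROUTES" | cnt -Ew -- "$1"; }

count_naive 5.180.132.18                 # 5: every line contains the substring
count_exact 5.180.132.18                 # 1: only the real .18 next hop
count_naive 5.180.132.180                # 3: includes 15.180.132.180
count_exact 5.180.132.180                # 2
count_any   5.180.132.180 5.180.132.182  # 3
count_ere   '5\.180\.132\.(180|182)'     # 3
```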

Some other flags used with grep are:

  • -i : Ignore upper/lower case distinctions during comparisons.
  • -n : Precede each output line with its line number in the file (the first line is 1, not 0).
  • -v : Print all lines except those that contain the pattern.
  • -x : Print only lines that match the pattern entirely.

 Happy Learning !!!
